Many programs handle sensitive data that must be protected. Examples of sensitive data include, but are not limited to, passwords, cryptographic keys, personal information, any data or information that an organization or individual considers to be confidential, restricted, protected or secret, and any information that is required by law to be protected.
As well as being protected from access by sources external to a program, such sensitive data must not be accidentally disclosed by the program or routine itself. Programs typically output information in a variety of ways, which include but are not limited to logging, interaction with the user, displaying messages, printing, and saving information to disk or a similar non-volatile medium. Sensitive information can be disclosed through any of these means. An accidental disclosure occurs when sensitive information is disclosed although the program design did not intend it to be. Accidental disclosure is most likely when an error condition occurs, because programs typically output large amounts of information on error in order to aid resolution of the problem. Some programs can also record what happens to data inside the program as it runs, which is usually called trace.
It is possible, through careful programming, to ensure that every part of a program or routine is incapable of accidentally disclosing sensitive information. However, this requires the programmer to know how every part of the program will behave in every situation, including all interactions with program libraries, other programs, the operating system and the computer hardware. This checking is very costly for a large program, and it is also intrinsically dangerous, because any small error could allow the sensitive information to be disclosed accidentally.
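The error-path disclosure described above, as an added example that is not part of the original text: a failing call embeds its arguments in the exception message, and logging that exception writes the password to the log. The `SecretStr` wrapper, the `connect` function and the sample values are hypothetical and constructed for illustration; the wrapper shows one way to make a value incapable of appearing in such output by accident.

```python
import io
import logging


class SecretStr:
    """Hypothetical wrapper: str()/repr() never reveal the wrapped value."""
    __slots__ = ("_value",)

    def __init__(self, value):
        self._value = value

    def reveal(self):
        # Only deliberate call sites get the raw value.
        return self._value

    def __repr__(self):
        return "SecretStr('***')"

    __str__ = __repr__


def connect(user, password):
    # Constructed failure: like much real error handling, the message
    # embeds the call's arguments to help with diagnosis.
    raise ConnectionError(f"login failed for {user!r} using {password!r}")


def run_and_capture_log(password):
    """Run the failing call; return all text the error path logged."""
    buf = io.StringIO()
    logger = logging.getLogger(f"disclosure-demo-{id(buf)}")
    logger.propagate = False
    handler = logging.StreamHandler(buf)
    logger.addHandler(handler)
    try:
        connect("alice", password)
    except ConnectionError:
        logger.exception("connect failed")  # message plus traceback
    finally:
        logger.removeHandler(handler)
    return buf.getvalue()


if __name__ == "__main__":
    secret = "s3cr3t-constructed"  # constructed sample value
    print("plain str leaked:", secret in run_and_capture_log(secret))
    print("wrapped leaked:  ", secret in run_and_capture_log(SecretStr(secret)))
```

The wrapper only covers output that goes through `str()` or `repr()`; any code that calls `reveal()` and passes the raw string onward is again subject to the per-path checking the last paragraph describes.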